The Fibre Channel standard has been established to provide for high performance switching solutions for computing and data handling systems. Examples of applications where the high speed and high bandwidth of Fibre Channel switches may be used to advantage include interconnecting computers and high-performance storage devices, interconnecting computers in multiple-computer operating environments, and anywhere multiple high-speed data interconnections must be established between designated nodes or groups of nodes in data handling networks.
The Fibre Channel standard, ANSI X3.T11, broadly defines classes and standards of function and performance, but does not dictate the implementation technologies to be used in providing these functions. A particular design of a switch to implement Fibre Channel functions is referred to as the ‘fabric’ of the switch. As this invention is directed to improvements in Fibre Channel switches, the description of the invention herein uses terminology and other defined terms from the field of Fibre Channel (referred to by the notation “FC” below) switches, and the FC standard may be consulted for definitions.
For data integrity and security reasons, it is necessary in some networks to make certain that certain hosts or devices have controlled access. For example, certain hosts may be allowed access to only certain storage devices, and vice versa. This requirement means that certain channels or groups of channels to which the affected hosts or devices are attached must be isolated from communication to or from other channels or groups of channels. Zoning techniques are used in prior art systems to define zones of addresses that will be considered valid for various sources or destinations connected to a switch.
Soft Zoning: The Problem
A problem with Fibre Channel zoning as it presently exists is that it is software-enforced zoning, often referred to as soft zoning. In soft zoning, devices connected to N_Ports and NL_Ports of the FC fabric login to the fabric and make queries of the Name Server to determine which of the remote devices this device can communicate with, along with their FC addresses (D_IDs). The Name Server defines and enforces the zones by listing in the login response the set of devices (by D_ID) that are in the login requester's zone or zones. In this manner, devices honor zones by using only those D_IDs given out by the Name Server.
However, this works only if all devices follow the rules, and there are no hardware failures. Soft zoning can be breached in the following ways.                Zones can be breached inadvertently by HBA software errors that generate incorrect D_IDs.        Zones can be breached by hardware failures, where the D_ID is corrupted somewhere between the source device and the destination device.        Zones can be breached deliberately by ill-mannered but non-malicious HBAs, such as those that walk through all D_IDs to discover where other HBAs are attached.        Zones can be breached maliciously by HBAs where the intent is to disrupt a system.        